UPDATED 16:11 EDT / JUNE 09 2017


HPE firmware gets firmer with silicon integration to fend off attacks

Wikileaks’ Vault 7 report revealed a host of malware types that can penetrate devices’ firmware, rendering many traditional recovery methods ineffective.

“We saw evidence that firmware issues and exploits are here to stay,” said Jason Shropshire (pictured, left), senior vice president and chief technology officer at InfusionPoints LLC, a security testing and solutions company.

Joining Shropshire at HPE Discover in Las Vegas, Nevada, was Bob Moore (pictured, right), director of server software and product security at Hewlett Packard Enterprise Co., to discuss HPE’s new approach to firmware security.

The response to Vault 7 shows that most hardware and software security vendors are ill-equipped to defend firmware, Shropshire pointed out.

For instance, Intel Corp. rush-released a firmware validation tool, he told John Furrier (@furrier) and Dave Vellante (@dvellante), co-hosts of theCUBE, SiliconANGLE Media’s mobile live streaming studio. (* Disclosure below.)

Intel’s haste shows in the tool’s performance, according to Shropshire; users must take their servers offline and build a gold image — a compressed archive of the installed firmware system. “If you think you might have had a breach, you have to take your server down and compare against that gold image — and who has time to do that?” Shropshire asked.

InfusionPoints’ tests found that HPE’s Gen10 secure servers built this process in and sped it up to near-real-time, completing it without any downtime, he explained.

Firmer ware

Gen10 servers support many Intel technologies, Moore stated, with a nod to Intel’s excellence in many areas. However, Gen10 has gone several steps beyond Intel in its firmware protection, according to Moore.

“When you turn a server on, the first thing that comes on is the firmware — and in our case it’s the iLO firmware; over a million lines of the firmware code run before the operating system even starts,” he said.

This gives Trojan horse attackers an ample attack surface to breach, so they can lie dormant in the firmware for months or longer before opening passwords, he stated.

Gen10 ProLiant servers embed HPE’s “silicon root of trust” hardware-firmware integration in the server’s bedrock, allowing immediate firmware validation, Moore explained.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s independent editorial coverage of HPE Discover US 2017. (* Disclosure: TheCUBE is a paid media partner for HPE Discover US 2017. Neither Hewlett Packard Enterprise Co. nor other sponsors have editorial control on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

 

